Re: CGI session problem.

Hi,

The session id should be created in the server during if the user/pass is authenticated and send the session id in the cookie as well,

note: do not create the session id again in all the pages, by giving new CGI::Session

in rest of the cgi files, you have to get the server session id and cookie session id to compare if there are valid, if so provide the screen to the user or else the page should be taken back to the user/pass screen saying the 'page has expired'.

let me know if i am not wrong.

Comment on Re: CGI session problem. Download Code

Replies are listed 'Best First'.
Re^2: CGI session problem. by moritz (Cardinal) on Jul 29, 2008 at 10:33 UTC
There's nothing wrong with unconditionally calling `CGI::Session->new()`. If you provide a CGI object (or no arguments at all) it will take the session ID from the cookie, if any, and load the corresponding session. Only if that fails it actually generates a new logical session.	[reply] [d/l]